Google has finally released its May security update for Android. The new update addresses more than 100 vulnerabilities.
The security fixes are split into two patch levels namely, 2017-05-01 and 2017-05-05. Moreover, the latest Android update overall includes 29 critical flaws in hardware-specific drivers, media processing server and similar components.
In the list of patches and fixes, the 2017-05-01 version covers bugs and vulnerabilities that are common across all Android devices while the 2017-05-05 patch level brings fixes for vulnerabilities in hardware specific drivers and components. Notably, the entire May update has patched as many as six critical vulnerabilities in Mediaserver.
Mediaserver gets patched after long time
The Mediaserver has been full of flaws for many years. Though Google attempted to patch the media server several times in last few years, it was until now relatively easy to trick users to download vulnerable media files on their device and then exploit their devices using media server flaws. Attackers were even gain remote access to the device for code execution using the Mediaserver process.
Ultimately, Google has disabled many channels that could help attackers exploit the Mediaserver offering.
Google has primarily released the May update package for its flagship Pixel and Nexus devices. The relevant patches for Android Open Source Project (AOSP) are available. Further, users need to wait until manufacturers compile the update for their devices.